Church Techy

Where Tech meets Church

Archive for the ‘Security’ Category

Offsite Backup

What’s your church’s backup plan?

Please tell me you have one?

There are numerous options and I won’t bore you with them – but one of the newer ideas around is cloud based backup. As in you copy your data to a remote data centre and let them worry about servers, resilience, cooling and all the other headaches that come with running a data centre.

However, who says you have to trust an unknown third party with your data?

So, if you’re happy that your backup plan actually works, then why not find another local(ish) church and do a deal to put a server in their data room and let them do the same in yours? Then set up your server / software to copy the data offsite and voila, you have a secure, offsite backup server.

  • Is this something you’d do?
  • Or is my idea too radical?
  • What’s your cheap, offsite & secure solution?

Protect Against ID Fraud

Identity or ID fraud is huge.

Here are some facts to make you think ….

90% of users never check all their transactions on their bank or credit card statements. (ID Theft Protect, Aug 2007)

89% of users do not use a password manager to store their online and offline usernames and passwords. (ID Theft Protect, Sept 2007)

Identity theft is costing the British economy over £1.7 billion annually. (2006 – CIFAS)

Impersonation of the dead is growing at a rate of 60% each year. (2004 – UK Home Office)

In 2004 most UK card fraud was committed via face-to-face transactions in shops. (2004 – Cardwatch)

These are just UK figures.

So what can, or should, you do to help protect your ID in an increasingly connected and online world?

  • Keep personal information secure.
  • Keep all your plastic (credit / debit / identity) cards safe.
  • Keep your documents safe.
  • Keep your passwords and PINs safe.
  • Use individual passwords for anything that requires online transactions – monetary or not.
  • Protect the identity of deceased family members.
  • Shred letters / documents that contain identifying information.

I will almost certainly expand on some of these in the weeks and months to come, but if you need any specific information or answers now then please do ask via the comments section or via my contact form or even by using the Skribit suggestions tab.

Social Engineering

We’ve been getting a spate of phone calls at home.

The conversation goes something like this:

Me: Hello

Them: Can I speak with Mr. Smith? (name changed, but it isn’t mine)

Me: I’m sorry Mr. Smith hasn’t lived here since 2003.

Them: Is that Windy Way? (also changed)

Me: I’m not prepared to confirm that ….

We then bat back and forth a bit where they are trying to get some details about my address confirmed and I just stick to my mantra of “Mr. Smith hasn’t lived here since 2003” and / or “I’m not prepared to confirm that”. At which point they have always got nasty or downright rude and it always ends with me hanging up as they try every tactic they can to get me to confirm something. Typically a day or so goes past before I get another one.

This seemingly innocuous approach to getting details is the old ‘social engineering’ approach – whereby you use a fact (whether true or not) to gather accurate details of your target. The end game is that your security, or your company’s, gets compromised in some way.

The whole saga reminded me to have another chat with my children.

I’ve covered online dangers many a time with my children but for some reason had overlooked the more obvious direct approach.

My end advice to them was ultimately very simple:

If you don’t know the person then tell them nothing.

And always refer them to mum or dad.

Turns out our regular caller is a debt collection agency based in Scotland and they are known for their rude, strong-arm tactics in trying to get information so that they can pin a debt on you.

Reminds me that all the dangers aren’t online and we do well to remember that.

  • Have you any simple safety advice?
  • Have you fallen foul of social engineering?
  • If so, what was the outcome?

Security Wizard

I’ve been a long-time fan of Ian “Gizmo” Richards and in days past we’ve had quite a natter about tech items. Sadly his newsletter no longer runs but he does still maintain the most excellent Gizmo’s Freeware reviews site under the old TechSupportAlert newsletter URL.

Sadly I don’t get as much time as I’d like to contribute there but a recent discovery of mine is his Security Advice Wizard.

It’s a very simple, 4 page, multiple choice info gathering wizard.

Nothing complicated and I guarantee that once you’ve read the T&C’s it’ll take you less than a minute to complete (and if you include those then make it less than 2 minutes).

At the end of it you get appropriate and focused advice on what you should do and how you should protect your Windows based computer.

I say you all should go through it … now.

Loss of Trust

AV-Comparatives have, until recently, been a site I trust.

I’ve referred you good readers to them before as a place of independence.

But today, IMO, they’ve blown that trust.

In their words:

At the end of every year, AV-Comparatives releases a summary report to comment on the various Anti-Virus products tested over the year, and to determine the winners in the various tests.

All sounds good so far – but last year, 2009, they awarded “AV Product of the year” to Symantec.

What?

How on earth can the widely recognised bloat that is Symantec beat the likes of Kaspersky (2nd) or Nod32 (3rd), as two examples I do trust? OK, so no one company will get it right 100% of the time for 100% of the people, but day in day out Symantec AV software has been shown to be problematic, slow and notoriously unfriendly to systems. And woe betide you if you want to remove it.

Take a look at the summary report on which they base their award. On the surface and just looking at the chart you’d be inclined to agree – and let’s face it; not many of us dig into the meat of reports like this. But I do and I did and it makes for far more revealing reading than the headline – AV Product of the Year. After all, will Symantec care that in the details they state “being recognised as ‘Best Product of 2009’ does not mean that a product is the ‘best’” (underline emphasis mine) – ah right, so now the truth comes out.

So, explain it to me. How can you on the one hand award a best of and then on the other say it isn’t necessarily the best?

Either it is or isn’t.

As I said, Symantec won’t care as they’ll just use the headline.

Oh and you get all this at twice the price of the other two I mention. Go figure.

  • Do you agree with me on trust?
  • What about in this particular instance – should I just shrug my shoulders?
  • Has any security company lost your trust?

10 Internet Scams

Here are 10 of the most popular Internet Scams.

I list them purely for your edification, in the hope that you don’t get caught out by them, or that you can use this either as a quick reference or as a pointer for friends that may need some advice.

So, without further ado and in no particular order:

1. Nigerian scam – aka 419.

This almost always appears as an email from someone that is the relative of the late [insert grand title] – in short they utilise emotion to try and get you to part with smaller sums of money in return for a decent %age of a much larger sum. One of the best sites out there for advice and fighting back is 419 Eater.

2. Lottery scams.

Similar to the 419 scam this one typically asks for an up-front payment to release the funds you’ve won. See FraudAid for some great advice.

3. Advance Loan Fees.

These, like the previous two, will ask for an up-front fee typically referred to as an admin or processing fee. They will normally ‘guarantee’ the loan – but ask yourself this: Why, when a conventional bank or credit card company will add the charge to any loan, do I need to pay an up-front fee? Short and to the point advice from Fraud.org.

4. Holiday scams.

These almost always take the approach that you’ve won a greatly reduced cost cruise or holiday but you never get to hear the ‘catch’ until you’ve signed up and paid what you believe is the total cost. Then the hidden clauses come out. ExpertLaw.com appears to have the best coverage of these types of ‘deal’.

5. Phishing scams.

I’ve talked about these before – see my full advice here.

6. Disaster relief scams.

I trust I don’t need to spell this one out? Instead I will simply say – go direct to the homepage of your favourite disaster relief charity and donate there. And if you don’t know any then check out CharityNavigator.

7. Chain eMails.

This is the modern equivalent of a chain letter: you are asked to forward a (typically) small amount of money to a name & address and add your own to the bottom. More advice, and fun at some of the emails out there, from BreakTheChain.org.

8. Overpayment scam.

Best way to describe this is with an example. You want to sell item A for £100. Scammer B offers £500 in the form of a cheque (or similar) for goods they’ve sold in your country and for you to forward on the remainder. In this example £400. Then the cheque bounces and not only are you without item A but you’ve also sent B £400. Much more info on this type of scam at Scambusters.org.

9. Computer money making machine scam.

In return for some money, yes up-front, you are asked to install a program on your computer that opens lots of popups / adverts. Each of these effectively generates a click for that advert and thus income for the scammer. You are highly unlikely to see any return on this other than seriously impaired computer response. Avoid.

10. Employment scam.

The only reason this scam exists is to gather information – yours. Oh, and possibly your money too. The end result is likely to be fraud of some kind, either your ID is stolen or money from your bank (knowingly or not) and, far from earning you money, it will always cost you. Job-hunt.org has some great advice on this type of scam.

  • Have I missed any obvious scams?
  • Have you any great links to share that provide advice on avoiding scams?

ISS Links

As today is my daughter’s 10th birthday (which is far more important than any country celebration <g>) I’m being lazy and just posting some links.

The links will show you that I’m far from the only site talking about internet safety but I do try to make my approach cover all aspects and not just children.

  • PRNewswire is a web based press release centre – here’s one of their recent releases.
  • i-Safe is a US based non-profit promoting education in internet safety.
  • Internet Safety with Professor Garfield – everybody’s favourite cat teaches internet safety.
  • 180 TechTips does more than just general Tech Tips, they also have a specific section on the internet – 5 min lessons on tech, good stuff.

That’s all for now – enough to keep you going but this section will probably become a regular within my ISS series.

DNS 201

It would appear that a certain Irish ISP (no names, no pack drill) has taken to blocking content they deem as unsuitable. This follows on from another Irish ISP that has adopted the “three strikes and out” rule on file sharing.

They aren’t just blocking the unsuitable content but entire sites.

The worrying thing is the lack of choice offered and no prior warnings – just blocked unceremoniously. Additionally there is no burden of proof required – so malicious reports could easily see someone barred from the internet. When you consider that most schools in the UK expect children to have access to the web at home for school purposes – then we once again enter into the realm of a two tier society. The haves and have nots.

I don’t want to get into the politics of these decisions here, but rather show how (in the case of the site blocking) it can be overcome with some simple changes. Equally, making these changes could improve your surf speeds even if you don’t get blocked.

The approach is to utilise a third party DNS service such as OpenDNS or Google.

If you’re not a fan of either or find they aren’t perhaps as good as your current ISP then try using namebench – which is a simple utility that has code for Windows, Macs and *nix. In their own words they state that namebench “hunts down the fastest DNS servers available for your computer to use”.

So why is this a 201?

Mostly because it’s a step above an intro lesson to DNS (covered here) as you’ll need to know how to access your router and change its settings – that I won’t cover here, but OpenDNS cover a ‘how to’ for most major manufacturers.

And another way around this is to utilise one of the methods discussed here recently.

  • Should ISPs play judge & jury?
  • What about other un-regulated setups such as the IWF?
  • Ignoring, for now, the dangers to minors, are you for or against internet censorship by organisations?
